diff options
author | Chad Brubaker <cbrubaker@google.com> | 2015-08-12 13:40:31 -0700 |
---|---|---|
committer | Chad Brubaker <cbrubaker@google.com> | 2015-08-12 13:44:05 -0700 |
commit | 54b1e9ad01c8042a449a9237833a335d6be04e83 (patch) | |
tree | 72af7fa2fc4214a2ad832a94afe903d8c55f4a42 | |
parent | 4174f017cc331c9c52d63dd999f81e3425d2cbb4 (diff) | |
download | android_system_security-54b1e9ad01c8042a449a9237833a335d6be04e83.tar.gz android_system_security-54b1e9ad01c8042a449a9237833a335d6be04e83.tar.bz2 android_system_security-54b1e9ad01c8042a449a9237833a335d6be04e83.zip |
Properly check for Blob max length
sizeof(mBlob.value) is incorrect because writeBlob pads up to the next
AES_BLOCK_SIZE
Bug:22802399
Change-Id: I377edca2c7ea2cf4455f22f5f927fdad79893729
-rw-r--r-- | keystore/keystore.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index 8a43f02..65a8ea9 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -508,12 +508,12 @@ public: Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_t infoLength, BlobType type) { memset(&mBlob, 0, sizeof(mBlob)); - if (valueLength > sizeof(mBlob.value)) { - valueLength = sizeof(mBlob.value); + if (valueLength > VALUE_SIZE) { + valueLength = VALUE_SIZE; ALOGW("Provided blob length too large"); } - if (infoLength + valueLength > sizeof(mBlob.value)) { - infoLength = sizeof(mBlob.value) - valueLength; + if (infoLength + valueLength > VALUE_SIZE) { + infoLength = VALUE_SIZE - valueLength; ALOGW("Provided info length too large"); } mBlob.length = valueLength; |